chasnges

Author: GennadNY

articles/postgresql/flexible-server/concepts-extensions.md

@@ -543,6 +543,18 @@ You can now enable pg_hint_plan your Postgres database. Connect to the database
 CREATE EXTENSION  pg_hint_plan ;
 ```
 
+## pg_buffercache
+
+`Pg_buffercache` can be used to study the contents of *shared_buffers* . Using [this extension](https://www.postgresql.org/docs/current/pgbuffercache.html) you can tell if a particular relation is cached or not(in *shared_buffers*) . This extension can help you in troubleshooting performance issues (caching related performance issues)
+
+This is part of contrib and it is very easy to install this extension.
+
+```sql
+CREATE EXTENSION pg_buffercache;
+```
+
+
+
 
 ## Next steps
 

articles/postgresql/flexible-server/concepts-security.md

@@ -49,13 +49,25 @@ When you're running Azure Database for PostgreSQL - Flexible Server, you have tw
 Best way to manage PostgreSQL database access permissions at scale is using the concept of [roles](https://www.postgresql.org/docs/current/user-manag.html). A role can be either a database user or a group of database users, moreover roles can own the database objects and assign privileges on those objects to other roles to control who has access to which objects. It is also possible to grant membership in a role to another role, thus allowing the member role to use privileges assigned to another role.
 PostgreSQL lets you grant permissions directly to the database users. As a good security practice, it can be recommended that you create roles with specific sets of permissions based on minimum application and access requirements and then assign the appropriate roles to each user. The roles should be used to enforce a *least privilege model* for accessing database objects.
 
-While you're creating the Azure Database for PostgreSQL server, you provide credentials for an **administrator role**. This administrator role can be used to create more [PostgreSQL roles](https://www.postgresql.org/docs/current/user-manag.html). The administrator role should never be used by the application.
+The Azure Database for PostgreSQL server is created with the 3 default roles defined. You can see these roles by running the command: 
+```sql
+SELECT rolname FROM pg_roles;
+```
+* azure_pg_admin.
+* azuresu.
+* administrator role.
 
+While you're creating the Azure Database for PostgreSQL server, you provide credentials for an **administrator role**. This administrator role can be used to create more [PostgreSQL roles](https://www.postgresql.org/docs/current/user-manag.html). 
 For example, below we can create an example role called *demouser*,
 
 ```SQL
 postgres=> create role demouser with password 'password123';
 ```
+The **administrator role** should never be used by the application.
+
+In cloud-based PaaS environments access to a PostgreSQL superuser account is restricted to control plane operations only by cloud operators. Therefore, the **azure_pg_admin** account is added to the database as a pseudo-superuser account. Your administrator role is a member of the **azure_pg_admin** role. 
+However, the server admin account is not part of the **azuresu** role, which has superuser privileges and is used to perform control pane operations. Since this service is a managed PaaS service, only Microsoft is part of the superuser role.
+
 
 You can periodically audit the list of roles in your server. For example, you can connect using `psql` client and query the `pg_roles` table which lists all the roles along with privileges such as create additional roles, create databases, replication etc. 
 
@@ -78,6 +90,9 @@ rolbypassrls   | f
 rolconfig      |
 oid            | 24827
 
+
+
+
 ```
 
 [Audit logging](concepts-audit.md) is also available with Flexible Server to track activity in your databases.